CNNVD-202512-2374 Information

CNNVD ID

CNNVD-202512-2374

Related CVE

CVE-2025-67730

• CNNVD Published: 2025-12-12

Description (Chinese)

Frappe Learning Management System是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning Management System 2.42.0之前版本存在跨站脚本漏洞，该漏洞源于Job、Course和Batch表单描述字段可注入恶意HTML和JavaScript。

Description (English)

Frappe Learning Management System is an easy-to-use open-source learning management system for Frappe open sources. The pre-Frappe Learning Management System 2.42.0 has a cross-site script loophole, which stems from the introduction of malicious HTML and JavaScript in the description fields of Job, Course and Watch forms.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Frappe

Published

2025-12-12

Last Modified

2026-02-24

References

https://github.com/frappe/lms/commit/0877e32e1bfe64831b875707241de1c449cda45c https://github.com/frappe/lms/security/advisories/GHSA-jjc4-j3hw-33h2

Patch

https://github.com/frappe/lms/releases